RESPONSIBLE DISCLOSURE POLICY

1. General Information. The SiteLock, LLC (“SiteLock”) Responsible Disclosure Policy details the process by which SiteLock publicly discloses vulnerabilities found during research and malware cleaning processes. The Policy reflects SiteLock’s dedication to a secure web for all site owners and developers, and stresses privacy and the protection of sensitive data.

2. Guidelines

It is required that all SiteLock researchers:
● Analyze publicly available codebases, or purchase a copy of licensed code for analysis
● Verify proof of concept exploits on internal test systems
● Understand and adhere to the SiteLock Responsible Disclosure Policy in all steps of the research process

SiteLock commits to developers and site owners to:
● Work with the responsible party to understand and resolve issues quickly, including providing screenshots, code examples, and proof of concept code
● Make every effort to avoid privacy violations
● Recognize efforts to mitigate reported vulnerabilities

SiteLock will not perform security research in the following areas:
● Physical security testing such as building access
● Social engineering tests such as phone calls and spear phishing
● Nonpublic, proprietary codebases
● Network level attacks or denial of service

3. What SiteLock Includes in a Vulnerability Disclosure

SiteLock will strive to provide comprehensive and succinct vulnerability reports to developers which include:
● The description and impact of the vulnerability, including file paths and names, lines of code, and resultant files
● A detailed description of the steps required to reproduce the vulnerability
● Contact information for the researcher and company contact information

4. Timeline for Disclosure. SiteLock will provide 30 days from the date of report for developers to respond and mitigate vulnerabilities. Developer requests for disclosure extension will be honored. SiteLock will adhere to the 30 day guideline if there is a lack of or cessation of developer response.

This policy was adapted with changes from the Open Source Responsible Disclosure Framework using the Creative Commons Attribution 4.0 International License.